Shows & Panels
Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- American Readiness: Renewable Power and Efficiency Technologies
- Ask the CIO
- Building the Hybrid Cloud
- Connected Government: How to Build and Procure Network Services for the Future
- Continuing Diagnostics and Mitigation: Discussion of Progress and Next Steps
- Delivering the Digital Government Mission
- Federal Executive Forum
- Federal News Radio's National Cyber Security Awareness Month Special Panel Discussion
- Federal Tech Talk
- The Future of Government Data Centers
- The Future of IT: How CIOs Can Enable the Service-Oriented Enterprise
- Government Perspectives on Mobility and the Cloud
- The Intersection: Where Technology Meets Transformation
- Maximizing ROI Through Data Center Consolidation
- Mitigating Insider Threats in Virtual & Cloud Environments
- Modern Mission Critical Series
- The New Generation of Database
- Reimagining the Next Generation of Government
- Targeting Advanced Threats: Proven Methods from Detection through Remediation
- Transformative Technology: Desktop Virtualization in Government
- The Truth About IT Opex and Software Defined Networking
- Air Traffic Management Transformation Report
- Cloud First Report
- General Dynamics IT Enterprise Center
- Gov Cloud Minute
- Government in Technology Series
- Homeland Security Cybersecurity Market Report
- National Cybersecurity Awareness Month
- Technology Insights
- The Cyber Security Report
- The Next Generation Cyber Security Experts
Shows & Panels
Analysis: New cyber bill dials back regulatory aspects of earlier versions
Monday - 7/23/2012, 1:23pm EDT
Five senators last week introduced a revised version of the Cybersecurity Act of 2012 as a last ditch effort at passing a cybersecurity bill before the August recess. The revised bill compromised on the most controversial sections regarding critical infrastructure.
"The version of the bill they are now considering significantly dials back the regulatory component," said Rob Strayer, the director of the Homeland Security Project at the Bipartisan Policy Center. "It makes it strictly voluntary that companies have to comply with cybsecurity performance standards."
Strayer worked on two reports for the BPC about the various cybersecurity bills Congress is considering: Cyber Security Task Force: Public/Private information sharing" and Cyber Security Legislation Privacy Protections are Substantially Similar."
Rob Strayer, director, Homeland Security Project, Bipartisan Policy Center
He told The Federal Drive with Tom Temin and Emily Kopp Monday that the new bill provides incentives for companies through limitations on liabilities from lawsuits for cybersecurity incidents. It also provides additional incentives to try and get companies to comply with the new cybersecurity standards without being required to.
"The only actual requirement in there seems to be in that for a significant cyber incident, a company that owns critical infrastructure assets would have to report that to the government," Strayer said.
The new bill establishes a council to coordinate between various departments, which Strayer considered an "elegant" way to address cybersecurity.
"Many different departments have regulatory or some kind of oversight for different sectors of industry that have cybersecurity issues. And it keeps the Secretary of Homeland Security as the chair of this council and the secretary still writes the information sharing procedures and regulations that had been so controversial on the way," he said.
Under this model, the Department of Homeland Security would set the rules for information reporting and sharing but not the cybersecurity practices that businesses would have to impose to keep themselves safe. Previously, DHS could also set the standards the businesses operated under.
Strayer said that the bill would go a long way toward securing industry networks. One thing that the most recent BPC called for that was lacking in the previous cybersecurity bills was the inclusion of emergency authorities.
"If there was an emergency over our critical infrastructure networks in our country, it's unclear how the federal government would be able to require the private sector to take emergency steps to remedy that," Strayer said. "That's something we think should be thought out well in advance."
This story is part of Federal News Radio's daily Cybersecurity Update. For more cybersecurity news, click here.